Example #1
 /// <summary>
 /// Folds one NetMon record into this running total: one more hit, plus the
 /// record's octet, packet and duration figures.
 /// </summary>
 /// <param name="r">Record whose counters are added; it is dereferenced without a null check.</param>
 public void Process(NetmonRecord r)
 {
     // Count the record itself before accumulating its traffic figures.
     Hits++;

     Bytes    += r.octets;
     Packets  += r.packets;
     Duration += r.duration;
 }
Example #2
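        /// <summary>
        /// Summarises NetMon flow logs found in a fixed directory. For every log file it
        /// keeps only TCP records that touch port 40100, groups their byte and duration
        /// totals by resolved source and destination alias, splits them into peak and
        /// off-peak buckets, and prints one line per source/destination pair whose
        /// source is not in the ignore list.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            #region Aliases setup
            // One alias table per prefix length; subnets[n] maps a network address to a label.
            // NOTE(review): host names and internal addressing are compiled in here; loading
            // them from a configuration file kept outside source control would keep the
            // network layout out of the repository.
            for (int i = 0; i < subnets.Length; i++)
            {
                subnets[i] = new Dictionary<IPAddress, string>();
            }

            subnets[0].Add(IPAddress.Any, "[Internet]");

            /*using (StreamReader reader = new StreamReader("sh_ip_bgp_nei_198.32.212.253_routes.txt")) {
             * string line = null;
             * while ((line = reader.ReadLine()) != null) {
             *  if (!line.StartsWith("*> "))
             *    continue;
             *  string[] parts = line.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
             *  Subnet sn = Subnet.Parse(parts[1]);
             *  subnets[sn.MaskLength][sn.Address.Address] = "[WAIX]";
             * }
             * }*/

            #region Imaging Central
            subnets[32].Add(IPAddress.Parse("192.168.19.108"), "ICP-RISSQL");
            subnets[32].Add(IPAddress.Parse("192.168.19.109"), "ICP-RISAPP");
            subnets[32].Add(IPAddress.Parse("192.168.19.110"), "ICP-RISAGT");

            subnets[32].Add(IPAddress.Parse("192.168.19.62"), "IC-CONSULTING");
            subnets[32].Add(IPAddress.Parse("192.168.10.69"), "ICENT-MOR-RWS1");

            subnets[24].Add(IPAddress.Parse("192.168.19.0"), "[Claremont]");
            subnets[24].Add(IPAddress.Parse("192.168.10.0"), "[Morley]");
            #endregion

            #region Kestral

            /*subnets[24].Add(IPAddress.Parse("10.250.1.0"), "Perth Servers");
            *  subnets[24].Add(IPAddress.Parse("10.250.2.0"), "Perth Workstations");
            *  subnets[24].Add(IPAddress.Parse("10.252.1.0"), "Melbourne Servers");
            *  subnets[24].Add(IPAddress.Parse("10.252.2.0"), "Melbourne Workstations");
            *  subnets[24].Add(IPAddress.Parse("10.254.1.0"), "Sydney Servers");
            *  subnets[24].Add(IPAddress.Parse("10.254.2.0"), "Sydney Workstations");
            *
            *  subnets[32].Add(IPAddress.Parse("10.250.1.69"), "PER-HQ");
            *  subnets[32].Add(IPAddress.Parse("10.250.1.73"), "PER-HQ-AGENT");*/
            #endregion

            #region almostpurple

            /*subnets[24].Add(IPAddress.Parse("192.168.1.0"), "[Local]");
             *
             * subnets[32].Add(IPAddress.Parse("192.168.1.254"), "tyrant");
             * subnets[32].Add(IPAddress.Parse("192.168.1.253"), "templar");
             * subnets[32].Add(IPAddress.Parse("192.168.1.252"), "troy");
             * subnets[32].Add(IPAddress.Parse("192.168.1.251"), "archon");
             * subnets[32].Add(IPAddress.Parse("192.168.1.250"), "toshiba");
             * subnets[32].Add(IPAddress.Parse("192.168.1.249"), "triso");
             * subnets[32].Add(IPAddress.Parse("192.168.1.248"), "tristan");
             * subnets[32].Add(IPAddress.Parse("192.168.1.247"), "raptor");
             * subnets[32].Add(IPAddress.Parse("192.168.1.246"), "raptor");
             * subnets[32].Add(IPAddress.Parse("192.168.1.245"), "oni");
             * subnets[32].Add(IPAddress.Parse("192.168.1.244"), "oni");
             * subnets[32].Add(IPAddress.Parse("192.168.1.243"), "hawkes");
             * subnets[32].Add(IPAddress.Parse("192.168.1.242"), "arbiter");
             * subnets[32].Add(IPAddress.Parse("192.168.1.241"), "solzak");
             * subnets[32].Add(IPAddress.Parse("192.168.1.240"), "wifi");
             * subnets[32].Add(IPAddress.Parse("192.168.1.239"), "gavinm");
             * subnets[32].Add(IPAddress.Parse("192.168.1.238"), "gavinm");
             * subnets[32].Add(IPAddress.Parse("192.168.1.237"), "gav-n80");
             * subnets[32].Add(IPAddress.Parse("192.168.1.236"), "vitalstatistix");
             * subnets[32].Add(IPAddress.Parse("192.168.1.235"), "ixy");
             * subnets[32].Add(IPAddress.Parse("192.168.1.234"), "bullet-pc");
             * //subnets[32].Add(IPAddress.Parse("192.168.1.233"), "evilspyn");
             * subnets[32].Add(IPAddress.Parse("192.168.1.232"), "evilspyn");
             * subnets[32].Add(IPAddress.Parse("192.168.1.231"), "obelix");
             * subnets[32].Add(IPAddress.Parse("192.168.1.230"), "gav-iphone");
             * subnets[32].Add(IPAddress.Parse("192.168.1.229"), "dogmatix");
             * subnets[32].Add(IPAddress.Parse("192.168.1.228"), "dogmatix");
             * subnets[32].Add(IPAddress.Parse("192.168.1.227"), "ixy");
             * subnets[32].Add(IPAddress.Parse("192.168.1.226"), "phoenix");
             * subnets[32].Add(IPAddress.Parse("192.168.1.225"), "adsl");
             *
             * // World of Warcraft uses the TCP protocol on port 3724.
             * // The Blizzard Downloader, which downloads patches, also uses TCP ports 6112 and the range 6881-6999
             * subnets[32].Add(IPAddress.Parse("12.129.233.56"), "WoW:Gurubashi");
             * subnets[32].Add(IPAddress.Parse("12.129.225.78"), "WoW:Blackrock");
             * subnets[32].Add(IPAddress.Parse("203.206.95.15"), "TeamSpeak");
             *
             * // EVE uses TCP 26000 to its only server cluster
             * subnets[32].Add(IPAddress.Parse("157.157.139.10"), "EVE:Tranquility");
             *
             * // DDO
             * // Ports 9000-9010 UDP
             * // Ports 2900-2910 UDP*/
            #endregion

            // Sources whose rows are suppressed in the report. Only the keys matter; the
            // int value is never read.
            Dictionary<string, int> ignoredSenders = new Dictionary<string, int>();
            ignoredSenders.Add("[Local]", 0);
            ignoredSenders.Add("[None]", 0);
            ignoredSenders.Add("[Broadcast]", 0);
            ignoredSenders.Add("tyrant", 0);
            ignoredSenders.Add("templar", 0);
            ignoredSenders.Add("troy", 0);
            ignoredSenders.Add("archon", 0);
            ignoredSenders.Add("toshiba", 0);
            ignoredSenders.Add("triso", 0);
            ignoredSenders.Add("tristan", 0);
            ignoredSenders.Add("raptor", 0);
            ignoredSenders.Add("oni", 0);
            ignoredSenders.Add("hawkes", 0);
            ignoredSenders.Add("arbiter", 0);
            ignoredSenders.Add("solzak", 0);
            ignoredSenders.Add("wifi", 0);
            ignoredSenders.Add("gavinm", 0);
            ignoredSenders.Add("gav-n80", 0);
            ignoredSenders.Add("vitalstatistix", 0);
            ignoredSenders.Add("ixy", 0);
            ignoredSenders.Add("bullet-pc", 0);
            ignoredSenders.Add("evilspyn", 0);
            ignoredSenders.Add("obelix", 0);
            ignoredSenders.Add("gav-itouch", 0);
            ignoredSenders.Add("dogmatix", 0);
            #endregion

            subnets[32].Add(IPAddress.Parse("0.0.0.0"), "[None]");
            subnets[32].Add(IPAddress.Parse("255.255.255.255"), "[Broadcast]");

            // source alias -> destination alias -> peak/off-peak totals; reset for every file.
            Dictionary<string, Dictionary<string, Entry>> summaryTable = new Dictionary<string, Dictionary<string, Entry>>();

            //string path = @"\\archon\g$\logs";
            //string path = @"C:\Logs\Netmon@WebSpy";
            //string path = @"\\tyrant\logs\netmon";
            //string path = @"C:\Performance\kestral-hq";
            string path = @"c:\incoming\ic-netmon";
            //string filter = "2005090?.log.gz";
            //string filter = "*.log.gz";
            string filter = "*.log";

            // Off-peak window bounds. Both comparisons below are strict, so a record at
            // exactly 02:00:00 or 10:00:00 is counted as peak.
            TimeSpan offpeakStart = new TimeSpan(2, 0, 0);
            TimeSpan offpeakEnd   = new TimeSpan(10, 0, 0);

            foreach (string fileName in Directory.GetFiles(path, filter))
            {
                try
                {
                    Console.WriteLine(fileName);

                    var timer = Stopwatch.StartNew();
                    var lines = 0;

                    // FileShare.ReadWrite lets a log be read while its writer still has it open.
                    Stream s = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite);

                    // Compare the extension without regard to case so ".GZ" archives are
                    // decompressed as well.
                    if (String.Equals(Path.GetExtension(fileName), ".gz", StringComparison.OrdinalIgnoreCase))
                    {
                        s = new GZipInputStream(s);
                    }

                    using (StreamReader reader = new StreamReader(s))
                    {
                        summaryTable.Clear();
                        string       line;
                        NetmonRecord record = new NetmonRecord();

                        while ((line = reader.ReadLine()) != null)
                        {
                            // Count every line read. The counter previously sat after the
                            // loop, so the report always said "1 lines".
                            lines++;

                            // Skip blank lines and '#' comment/header lines.
                            if (line.Length == 0 || line[0] == '#')
                            {
                                continue;
                            }

                            record.Parse(line);

                            // Keep only TCP (IP protocol 6) flows with port 40100 on either side.
                            if (record.protocol != 6)
                            {
                                continue;
                            }
                            if (!(record.sourcePort == 40100 || record.destinationPort == 40100))
                            {
                                continue;
                            }

                            string source = Resolve(record.sourceAddress);
                            string dest   = Resolve(record.destinationAddress);

                            Dictionary<string, Entry> child;
                            if (!summaryTable.TryGetValue(source, out child))
                            {
                                child = new Dictionary<string, Entry>();
                                summaryTable.Add(source, child);
                            }
                            Entry entry;
                            if (!child.TryGetValue(dest, out entry))
                            {
                                entry = new Entry();
                                child.Add(dest, entry);
                            }

                            // NOTE(review): the fixed +9 hour shift presumably converts the
                            // logged timestamp to local time before the peak/off-peak
                            // split - confirm the offset against the capture host.
                            TimeSpan recTime = record.start.AddHours(9).TimeOfDay;
                            Summary  summary = offpeakStart < recTime && recTime < offpeakEnd ?
                                               entry.Offpeak : entry.Peak;
                            summary.Bytes    += record.octets;
                            summary.Duration += record.duration;
                        }
                    }
                    timer.Stop();
                    Console.WriteLine(lines + " lines in " + timer.Elapsed);

                    foreach (KeyValuePair<string, Dictionary<string, Entry>> parent in summaryTable)
                    {
                        // The ignore list is keyed by source, so decide once per source
                        // rather than once per destination.
                        if (ignoredSenders.ContainsKey(parent.Key))
                        {
                            continue;
                        }

                        foreach (KeyValuePair<string, Entry> child in parent.Value)
                        {
                            if (child.Value.Peak.Bytes > 0 || child.Value.Offpeak.Bytes > 0)
                            {
                                // NOTE(review): the combined duration is passed as argument {4},
                                // but the format string has no placeholder for it, so it is
                                // never printed.
                                Console.WriteLine(String.Format("{0} -> {1} = Peak: {2:n0} MB, Offpeak: {3:n0} MB", parent.Key, child.Key,
                                                                (child.Value.Peak.Bytes >> 20), (child.Value.Offpeak.Bytes >> 20),
                                                                child.Value.Peak.Duration + child.Value.Offpeak.Duration));
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    // Processing stays best-effort per file, but the failure is reported:
                    // a log that is dropped without a trace leaves a gap in the traffic
                    // summary that nobody can see. Nothing is printed for a file that
                    // fails part-way, because its summary is only written after a full read.
                    Console.Error.WriteLine("Skipped " + fileName + ": " + ex.GetType().Name + ": " + ex.Message);
                }
            }
            Console.ReadLine();
        }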